A
security
issue
has
been
identified
on
IBM
Power
5
Systems
such
that
the
firewall
code
does
not
get
executed
in
certain
network
configurations
leading
to
elevated
privilege.
The
issue
only
exists
on
Service
Processor
for
IBM
Power
5
Systems
listed
below
and
has
not
been
found
to
exist
in
... [ + Read more ]

This
post
is
in
response
to
the
“Exploiting
the
DRAM
rowhammer
bug
to
gain
kernel
privileges”
blog
post
by
Project
Zero
on
March
9,
2015.
More
information
can
be
found
at
Project Zero.
IBM
has
determined
that
all
IBM
System
z,
System
p,
System
x,
and
IBM
Storage
products
are
not
vulnerable
... [ + Read more ]

Some
WebSphere
Commerce
data
may
be
encrypted
using
an
encryption
algorithm
that
is
susceptible
to
a
padding
oracle
attack
which
may
allow
for
the
disclosure
of
user
personal
data.
CVE(s):
CVE-2013-0523
Affected
product(s) and version(s):
WebSphere
Commerce
versions
7.0.0.0
to
7.0.0.7
WebSphere
Commerce
versions
6.0.0.0
to
6.0.0.11
WebSphere
Commerce
5.6.1.0
to
5.6.1.5
Earlier
out
of
support
versions
may
... [ + Read more ]